﻿<?php
session_start();
ini_set('max_execution_TIME', 600);
include("dbconfig.php");

$db = mysql_pconnect($dbhost, $dbuser, $dbpassword) or die("Connection Error: " . mysql_error());
mysql_query("SET names UTF8");
mysql_select_db($database) or die("Error conecting to db.");
$examp = $_REQUEST["q"]; 
$ip=$_REQUEST["ip"];

$page = $_REQUEST['page']; 
$limit = $_REQUEST['rows']; 
$sidx = $_REQUEST['sidx']; 
$sord = $_REQUEST['sord']; 
$userid=$_SESSION['userid'];
$sign=$_SESSION['sign'];
if(!$sidx) $sidx =1;


if(isset($_GET["type"]))
{
$type = $_GET['type'];
}
else{
$type= -1;
}
if(isset($_GET["sip_mask"]))
{
$sip_mask = $_GET['sip_mask'];
}
else{
$sip_mask= '';
}

if(isset($_GET["time_mask"]))
{
$time_mask = $_GET['time_mask'];
}
else{
$time_mask= '';
}

if(isset($_GET["score_mask"]))
{
$score_mask = $_GET['score_mask'];
$_SESSION['score_mask']=$score_mask;
}
else{
$score_mask= 5;
}


//$type=1;
//$score=3;
//$sip_mask="75.101.132.222";
//$time_mask="2013-09-30";
//$where=" where 1=1 ";
$total_table_no=8;
function GetScore($tip,$ttime)
{
	
	$SQL ="select hfield,hserver,ctitle,ckws,chash,time from ip_sig where ip='$tip' order by time limit 0,1";
	$result = mysql_query( $SQL ) or die("Couldnt execute query.".mysql_error());	
	$row = mysql_fetch_row($result,MYSQL_ASSOC);
	$hfield=$row[hfield];
	$hserver=$row[hserver];
	$ctitle=$row[ctitle];
	$ckws=$row[ckws];
	$chash=$row[chash];

	for ($i=1; $i <=5; $i++) { 
		$where =" where 1=1 ";
		if($i>=1)$where.=" and ctitle='$ctitle' ";
		if($i>=2)$where.=" and ckws='$ckws' ";
		if($i>=3)$where.=" and hserver='$hserver' ";
		if($i>=4)$where.=" and hfield='$hfield' ";
    	if($i>=5) $where.=" and chash='$chash' ";
		$sqlpool[]=$where;
	}
	$ip_score=0;

	for ($t=0; $t<=4 ; $t++) { 
			$sql="select ip,time,code from ip_sig".$sqlpool[$t]." and ip='$tip' and time='$ttime'";
			//echo $sql."<br>";
			$res = mysql_query( $sql ) or die("Couldnt execute query.".mysql_error());
			$no=mysql_num_rows($res);
			//echo $sql."<br>".$no."</br>";
			if($no!=0)$ip_score+=1;

	}
	//echo $ip_score.'</br>';
	return  $ip_score;
}
if($type==0){

	$where = " WHERE ip like '".$sip_mask."'";
	$db_table = mysql_list_tables($database);
	$target_table=array();
	while($row = mysql_fetch_row($db_table)){
		$tb_name=$row[0];
		$pos = strpos($tb_name, "scanner_");
		if($pos!==false){
			$target_table[] = $tb_name;
		}
	}

	$i=0;
	$fail=0;
	foreach($target_table as &$tb_name)
	{
		$SQL ="select tid,ip,port,code,header,time from ".$tb_name." ".$where;
		$result = mysql_query( $SQL ) or die("Couldnt execute query.".mysql_error());	
	  	$row = mysql_fetch_array($result,MYSQL_ASSOC);
	  	$score=GetScore($sip_mask,$row[time]);
	  	$no=mysql_num_rows($result);
	  
	  	if($no==0){
	  		$row[tid]="Null";
	  		$row[ip]=$sip_mask;
	  		$row[port]="NotOpen";
	  		$row[code]="Unknown";
	  		$row[header]="Unkown";
	  		$tb_name=str_replace("scanner_","",$tb_name);
	  		$row[time]=substr($tb_name, 0,4)."-".substr($tb_name, 4,2)."-".substr($tb_name, 6,2);
	  		$fail++;

	  	}
		$response->rows[$i]['ID']=$row[tid];
		$response->rows[$i]['cell']=array($row[tid],$row[ip],$row[port],$row[code],$row[header],$row[time],$score,"","",$tb_name);
		$i++;
		if($i==$total_table_no){
			break;
		}

	}
	$count=$i;
	if( $count >0 ) {
		$total_pages = ceil($count/$limit);
	} 
	else {
		$total_pages = 0;
	}
	if ($page > $total_pages) $page=$total_pages;
	$response->page = $page;
	$response->total = $total_pages;
	$response->records =$count ;
	if($fail==$total_table_no)
		echo "no such IP";
	else echo json_encode($response);
}

if($type==1){


	$SQL ="select hfield,hserver,ctitle,ckws,chash,time from ip_sig where ip='$sip_mask' and time='$time_mask'";
	$result = mysql_query( $SQL ) or die("Couldnt execute query.".mysql_error());	
	$row = mysql_fetch_row($result,MYSQL_ASSOC);
	$hfield=$row[hfield];
	$hserver=$row[hserver];
	$ctitle=$row[ctitle];
	$ckws=$row[ckws];
	$chash=$row[chash];
	$sqlpool=array();
	$i=$score_mask;
	for ($i; $i <=5; $i++) { 
		$where =" where 1=1 ";
		if($i>=1)$where.=" and ctitle='$ctitle' ";
		if($i>=2)$where.=" and ckws='$ckws' ";
		if($i>=3)$where.=" and hserver='$hserver' ";
		if($i>=4)$where.=" and hfield='$hfield' ";
    	if($i>=5) $where.=" and chash='$chash' ";
		$sqlpool[]=$where;
	}

	//foreach($sqlpool as &$where)
	//{echo $where;}
  

	$SQL ="select count(*) as c from ip_sig".$sqlpool[0];
	$result = mysql_query($SQL) or die("Couldnt execute query.".mysql_error());
	$count = mysql_fetch_row($result,MYSQL_ASSOC);
	$count= $count["c"];
	if( $count >0 ) {
		$total_pages = ceil($count/$limit);
	} 
	else {
		$total_pages = 0;
	}
	if ($page > $total_pages) $page=$total_pages;
	if ($limit<0) $limit = 0;
	$start = $limit*$page - $limit; // do not put $limit*($page - 1)
	if ($start<0) $start = 0;
	$SQL="select ip,time,code from ip_sig".$sqlpool[0]." ORDER BY $sidx $sord LIMIT $start,$limit";
	$result = mysql_query( $SQL ) or die("Couldnt execute query.".mysql_error());
	$i=0;
	while($row = mysql_fetch_row($result,MYSQL_ASSOC)){
		$ip=$row[ip];
		$time=$row[time];
		$ip_score=$score_mask-1;
		for ($t=0; $t<=5-$score_mask ; $t++) { 
			$sql="select ip,time,code from ip_sig".$sqlpool[$t]." and ip='$ip' and time='$time'";
			$res = mysql_query( $sql ) or die("Couldnt execute query.".mysql_error());
			$no=mysql_num_rows($res);
			if($no!=0)$ip_score+=1;
		}
		//echo $ip."#".$ip_score."</br>";
		$response->rows[$i]['IP']=$ip;
		$response->rows[$i]['cell']=array($ip,$time,$row[code],$ip_score,"","");
		$i++;
	}
	$response->page = $page;
	$response->total = $total_pages;
	$response->records =$count ;
	echo json_encode($response);


}

else if($type==9)
{
	if(isset($_GET["from_mask"]))
	{
	$from_mask = $_GET['from_mask'];
	}
	else{
	$from_mask = '';
	}
	$table=$from_mask;
	$ip=$sip_mask;
	$SQL ="select * from ".$table." where ip like '".$ip."'";
	$result = mysql_query($SQL);
	if (!$result) 
	{
		$t=str_replace("-","",$table);
		$table="scanner_".$t;
		$SQL ="select * from ".$table." where ip like '".$ip."'";
		$result = mysql_query($SQL);
	}
	$row = mysql_fetch_array($result,MYSQL_ASSOC);
	if(!isset($_GET["code"]))
	{
		$name="tmp/".$ip.".".$table.".html";
		$fp = fopen($name, 'w');
		if(fwrite($fp, $row[content])==false) echo "fail";
		fclose($fp);
	//$response=json_encode($row[content]);
		echo json_encode($name);
	}
	else{
		echo json_encode($row[content]);
	}
	//mysql_close($db);
} 
else if($type==2)
{

	$where = " WHERE ip like '".$sip_mask."'";
	$db_table = mysql_list_tables($database);
	$target_table=array();
	while($row = mysql_fetch_row($db_table)){
		$tb_name=$row[0];
		$pos = strpos($tb_name, "scanner_");
		if($pos!==false){
			$target_table[] = $tb_name;
		}
	}

	$i=0;
	foreach($target_table as &$tb_name)
	{
		$SQL ="select tid,ip,port,code,header,time from ".$tb_name." ".$where;
		$result = mysql_query( $SQL ) or die("Couldnt execute query.".mysql_error());	
	  	$row = mysql_fetch_array($result,MYSQL_ASSOC);
		$response->rows[$i]['ID']=$row[tid];
		$response->rows[$i]['cell']=array($row[tid],$row[ip],$row[port],$row[code],$row[header],$row[time],"","",$tb_name);
		$i++;
		if($i==$total_table_no){
			break;
		}

	}
	$count=$i;
	if( $count >0 ) {
		$total_pages = ceil($count/$limit);
	} 
	else {
		$total_pages = 0;
	}
	if ($page > $total_pages) $page=$total_pages;
	$response->page = $page;
	$response->total = $total_pages;
	$response->records =$count ;
	echo json_encode($response);

}

mysql_close($db);


?>
